﻿using System.Web;
using System.Web.Mvc;

namespace dPet.Web.Hospital.Fliters
{
	using dPet.Application.DataObjects;
	using dPet.Web.Hospital.ViewModels;
	using Hangerd.Mvc.Attributes;

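	/// <summary>
	/// Authorization filter for hospital staff pages: requires a logged-in staff
	/// member and, in the privilege check, a role that holds every flag in
	/// <see cref="Privilege"/>.
	/// </summary>
	public class StaffLoginAuthAttribute : LoginAuthAttribute
	{
		/// <summary>
		/// Privilege mask the current staff member's role must fully contain.
		/// </summary>
		/// <remarks>
		/// NOTE(review): if PrivilegesDto is a flags enum whose default value is 0,
		/// leaving this unset makes the mask test pass for any staff member that has
		/// a role, so only login and role presence are enforced. Confirm this is the
		/// intended behaviour for actions that omit the property.
		/// </remarks>
		public PrivilegesDto Privilege { get; set; }

		/// <summary>
		/// Passes "Login" and "Account" to the base attribute (presumably the login
		/// action and controller used for unauthenticated requests; verify against
		/// LoginAuthAttribute).
		/// </summary>
		public StaffLoginAuthAttribute()
			: base("Login", "Account")
		{ }

		/// <summary>
		/// Accepts the request only when the base login check succeeds and a staff
		/// model is available for the current request.
		/// </summary>
		/// <param name="httpContext">HTTP context forwarded to the base check.</param>
		/// <returns><c>true</c> when both conditions hold; otherwise <c>false</c>.</returns>
		protected override bool LoginAuthorizeCore(HttpContextBase httpContext)
		{
			return base.LoginAuthorizeCore(httpContext)
				&& LoginStaffModel.Current != null;
		}

		/// <summary>
		/// Rejects the request unless the current staff member has a role whose
		/// privileges include every flag in <see cref="Privilege"/>.
		/// </summary>
		/// <param name="filterContext">Authorization context that receives the denial result.</param>
		protected override void OnRolePrivilegeCheck(AuthorizationContext filterContext)
		{
			// Read the current staff once and evaluate only that snapshot. The
			// original re-read LoginStaffModel.Current inside the mask test, so the
			// null checks and the privilege comparison could look at different objects.
			var currentStaff = LoginStaffModel.Current;

			// Fail closed: a missing staff model or missing role is treated as "no access".
			bool hasPrivilege = currentStaff != null
				&& currentStaff.StaffRole != null
				&& (Privilege & currentStaff.StaffRole.Privileges) == Privilege;

			if (hasPrivilege)
			{
				return;
			}

			if (this.Ajax)
			{
				base.ResponseDefaultAjaxResult(filterContext);
			}
			else
			{
				base.ResponseViewResult(filterContext, "_NoAccess");
			}
		}
	}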
}
